By now, Americans are all too familiar with the ways hackers can gain unauthorized entry into their personal accounts online. But did you know that the government can currently seize many of your e-mails without even getting a warrant?

That’s the result of a gaping loophole in a nearly 30-year-old law known as the Electronic Communications Privacy Act. Despite its name, ECPA doesn’t do as much to protect your information as you might think. E-mails that have been sitting in your inbox for more than six months can, under the law, be seized by federal officials with little more than a request to your e-mail provider. It’s a holdover from the time before cloud storage made it easy to archive your entire life online.

Now, Congress is on the cusp of finally updating the law. But one unexpected critic of the proposed changes is the agency that’s become the nation’s biggest privacy watchdog, the Federal Trade Commission. It’s the FTC that went after Snapchat last year for accidentally leaking 4.6 million account holders’ information into the wild. In fact, the agency now has dozens of data security cases under its belt. The commission has even advised Congress on how to design privacy safeguards for commercial data brokers and facial recognition technology.

But in Senate testimony Wednesday, the FTC cautioned Congress against going too far with ECPA reform.